GDPR & ePrivacy Information for AdTech & MarTech Companies

Stay up to date with the latest news regarding the European Union’s General Data Protection Regulation (GDPR) and the proposed ePrivacy regulation and find out what they mean for AdTech and MarTech

On April 27, 2016, the European Union’s General Data Protection Regulation (GDPR) was adopted and triggered the start of a two-year countdown towards its enforcement date on May 25, 2018.

During those two years, all companies that collect data about European citizens and residents had to make a number of changes to their policies and agreements with their partners to ensure they comply with the rules outlined in the GDPR.

In addition to the GDPR, there’s also the ePrivacy regulation, which is designed to specify certain areas of the GDPR, such as the use of personal identifiers, such as cookies and IP addresses, and clarify rules around obtaining user consent — all of which will directly impact the online advertising and marketing industries.

Numbers worth knowing

May 25, 2018

The date when the GDPR came into full force

€20M

Companies can be fined either 20M Euro or 4% of the previous year’s turnover for serious infringements

€10M

Companies can be fined either 10M Euro or 2% of the previous year’s turnover for less-serious infringements

72 Hours

Companies will need to inform their clients and users about a data breach within 72 hours

GDPR will replace the current Data Protection Directive (Directive 95/46/EC) when it comes into force on May 25, 2018.

What is the GDPR?

The General Data Protection Regulation (GDPR), or Regulation (EU) 2016/679 as it’s known in official contexts, is a regulation spearheaded by the three legislative European Union institutions: the European Parliament, European Commission, and Council of the European Union.

It replaced the Data Protection Directive (Directive 95/46/EC) when it came into force on May 25, 2018.

The goal of the GDPR is to return control to data subjects in the union over their data and make the regulatory environment simpler for international business.

Currently, ePrivacy is a directive, but is in the process of being transformed into a regulation, which will also repeal the current directive.

What is ePrivacy?

The ePrivacy directive is a piece of EU legislation that also aims to protect the data and privacy of EU citizens and residents, but with a focus on respecting the private lives of EU citizens and residents when using electronic communications.

Within the online advertising and marketing industries, the current ePrivacy directive is often conversationally referred to as the cookie law because it regulates the usage of cookies, among other identifiers. However, it relates to the protection of privacy in the electronic-communications sector as a whole, not just the usage of cookies for online advertising and marketing.

How Prepared Are AdTech & MarTech Vendors for the GDPR?

In the months leading up to May 25, we asked AdTech & MarTech companies about their GDPR preparations. One week before the GDPR's enforcement date, we released the results...

Given that it is still in progress, the final version of the ePrivacy regulation may still affect how AdTech and MarTech platforms interact with online identifiers based on the GDPR itself and the current state of ePrivacy.

The current state of ePrivacy

On October 19, 2017, the European Parliament’s Committee on Civil Liberties, Justice, and Home Affairs (aka LIBE Committee) voted to approve an amended version of the ePrivacy regulation. This amended version was then approved by members of the European Parliament during a plenary session (a meeting of the whole Parliament).

The next stage involves an informal meeting between representatives of the European Parliament, the Council of the European Union, and the European Commission. Once the proposal is finalized and approved by way of voting, it will be adopted and enforced.

The recent advancement towards adoption spelled a huge blow for advertising and marketing lobbyists, such as the Interactive Advertising Bureau Europe (IAB Europe) and Digital Europe. Their last chance at any sort of victory lies with the Council of the European Union and EU member states, which is where their focus will surely be.

Get our whitepaper!

GDPR & ePrivacy: The Effect on AdTech & MarTech From a Technical Perspective

What does the GDPR and ePrivacy mean for AdTech and MarTech from a technical perspective?

Although the GDPR and ePrivacy regulation are legislations that will require AdTech and MarTech vendors to make a number of changes to their policies and contracts with partners, they will also require vendors to make many technological changes to their platforms to ensure they match their policies and comply with these two regulations.

Some of the main technological changes AdTech and MarTech vendors will have make to their platforms include:

Implement mechanism for collecting user consent for activities where the user’s data is passed on to third-parties, such as for tracking and behavioral targeting.

Identify users and their consent decisions, and then take the appropriate actions based on them — e.g. fire tags to pass data to certain platforms and tools, or refrain from firing tags.

Provide users with a current status of the activities they’ve consented to in commonly used and machine-readable format within one month from the time of request.

Pass the user’s consent decision to all parties involved in the consent request — e.g. if a publisher asks a user if they, their AdTech partner, and the AdTech partner’s client can use their data for advertising, then the user’s decision will need to be sent to all those parties. This is particularly challenging in online advertising as for any given ad request, a user’s information could be accessed by dozens of third-parties.

Enable platforms to carry out a process known as data minimization, which involves only processing the amount of data absolutely needed to complete the given activity — something that will be hard for advertisers to define given how many different pieces of data they collect about online users.

Some resources about the GDPR and ePrivacy

GDPR & ePrivacy Information for AdTech & MarTech Companies Stay up to date with the latest news regarding the European Union’s General Data Protection Regulation (GDPR) and the proposed ePrivacy regulation and find out what they mean for AdTech and MarTech On April 27, 2016, the European Union’s General Data Protection Regulation (GDPR) was adopted […]

GDPR & ePrivacy Information for AdTech & MarTech Companies Stay up to date with the latest news regarding the European Union’s General Data Protection Regulation (GDPR) and the proposed ePrivacy regulation and find out what they mean for AdTech and MarTech On April 27, 2016, the European Union’s General Data Protection Regulation (GDPR) was adopted […]

GDPR & ePrivacy Information for AdTech & MarTech Companies Stay up to date with the latest news regarding the European Union’s General Data Protection Regulation (GDPR) and the proposed ePrivacy regulation and find out what they mean for AdTech and MarTech On April 27, 2016, the European Union’s General Data Protection Regulation (GDPR) was adopted […]

GDPR & ePrivacy Information for AdTech & MarTech Companies Stay up to date with the latest news regarding the European Union’s General Data Protection Regulation (GDPR) and the proposed ePrivacy regulation and find out what they mean for AdTech and MarTech On April 27, 2016, the European Union’s General Data Protection Regulation (GDPR) was adopted […]

GDPR & ePrivacy Information for AdTech & MarTech Companies Stay up to date with the latest news regarding the European Union’s General Data Protection Regulation (GDPR) and the proposed ePrivacy regulation and find out what they mean for AdTech and MarTech On April 27, 2016, the European Union’s General Data Protection Regulation (GDPR) was adopted […]

GDPR & ePrivacy Information for AdTech & MarTech Companies Stay up to date with the latest news regarding the European Union’s General Data Protection Regulation (GDPR) and the proposed ePrivacy regulation and find out what they mean for AdTech and MarTech On April 27, 2016, the European Union’s General Data Protection Regulation (GDPR) was adopted […]

GDPR & ePrivacy Information for AdTech & MarTech Companies Stay up to date with the latest news regarding the European Union’s General Data Protection Regulation (GDPR) and the proposed ePrivacy regulation and find out what they mean for AdTech and MarTech On April 27, 2016, the European Union’s General Data Protection Regulation (GDPR) was adopted […]